Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Drupal
Drupaladded 2012/12/19 12:0 a.m.609 views

SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Access bypass User module search - Drupal 6 and 7 A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. This...

6CVSS6.9AI score0.00688EPSS
Exploits1References27
Drupal
Drupaladded 2012/03/28 12:0 a.m.20 views

SA-CONTRIB-2012-047 - Ubercart Views - Information disclosure

CVE: CVE-2012-2074 Ubercart Views provides Views integration for the Ubercart shopping cart module, and includes default views that contain a critical information disclosure bug. In some versions, these views are disabled by default, but still disclose information if you enable them. Versions...

5CVSS6.1AI score0.0056EPSS
Exploits0References10
Drupal
Drupaladded 2009/09/09 12:0 a.m.10 views

SA-CONTRIB-2009-055 - BUEditor - Cross Site Scripting

The BUEditor module provides a plain textarea editor designed to facilitate code writing. The module suffers from a Cross Site Scripting XSS vulnerability, which allows an attacker to hijack the account of a logged in user by tricking them into visiting a seemingly innocent page using the Live...

6.4AI score
Exploits0References7
Drupal
Drupaladded 2008/04/09 12:0 a.m.8 views

SA-2008-025 - Simple access - Access bypass

The Simple Access module is a node access module that allows administrators to make some nodes private and/or editable by certain user roles. The module contains a flaw that results in the privacy information for a node being lost under certain conditions. These conditions are usually triggered v...

6.8AI score
Exploits0References6
Drupal
Drupaladded 2008/01/30 12:0 a.m.8 views

SA-2008-013 - Project issue tracking - Arbitrary file upload

The Project issue tracking module has a vulnerability where new issues are not properly validated. If the core Upload module is enabled on issue nodes the recommended configuration for the 5.x-2. series, this vulnerability can be used to attach malicious files to new issues, regardless of the...

6.5AI score
Exploits0References8
Drupal
Drupaladded 2007/08/20 12:0 a.m.7 views

Project and Project issue tracking - Access bypass

The Project and Project issue tracking modules provide a series of permissions to control access to projects and issues: "access projects", "access own projects", "access project issues" and "access own project issues". While these permissions correctly prevent users from viewing the entire proje...

6.6AI score
Exploits0References2
Drupal
Drupaladded 2006/12/18 12:0 a.m.10 views

Project and Project issue tracking XSS

Several fields are not passed through checkplain on display. A malicious user could use these fields to insert and execute XSS Cross Site Scripting. This may lead to administrator access if certain conditions are met. Additionally, certain error messages are generated that include potentially...

6.3AI score
Exploits0References9
Rows per page
Query Builder